Trust & Security
How we protect customer data, who is behind the service, and which sub-processors we share data with.
The legal entity
- Company
- LMTS DEVELOPMENT LTD
- Companies House number
- 17148125
- Director
- Panikkos Panayiotou
- Contact
- hello@browserforhire.com
- Security contact
- security@browserforhire.com
- DPO contact
- dpo@browserforhire.com
The data on this page is the public commercial signal we expose to Google and Yandex for E-E-A-T and commercial-trust ranking factors. See Companies House for the canonical record.
Compliance
| Standard | Status |
|---|---|
| SOC 2 Type II | In audit, expected Q3 |
| GDPR | DPA available on request |
| HIPAA | Available on Enterprise (signed BAA) |
| ISO 27001 | On the roadmap, 2027 |
Sub-processors
We update this list and email customers in advance of any new processor that handles personal data.
| Vendor | Purpose |
|---|---|
| Stripe | Payments |
| Cloudflare | CDN, DNS, WAF |
| Vercel | Marketing site hosting |
| Fly.io / GCP | Compute (browser pool) |
| Supabase | Auth, database, storage |
| PostHog | Product analytics |
| 2Captcha / CapSolver / AntiCaptcha | CAPTCHA solving (rotation) |
| Bright Data / Oxylabs / IPRoyal | Residential proxies (rotation) |
| Better Stack | Logs and uptime monitoring |
| Sentry | Error tracking |
Security practices
- Ephemeral browser containers — destroyed at session end, no persistent disk for customer data unless you explicitly opt in to BYO storage.
- API keys hashed at rest, scoped per environment (test / live), rotateable in the dashboard.
- All traffic over TLS 1.2+; HSTS preloaded; mTLS available on Enterprise.
- Cloudflare WAF in front of the marketing site; Fastify rate-limits in front of the gateway.
- Annual third-party penetration test starting with the first SOC2 Type II window.
- Responsible-disclosure program: security@browserforhire.com.